Addressing Healthcare Privacy & Security Concerns

Increased usage of smartphones and health apps in the United States has allowed healthcare facilities and providers easier access to communications and up-to-the-minute access to treatment plans. At the same time, American consumers are experiencing greater healthcare data breaches than ever before. In fact, according to the HIPPA Journal, more than twice the number of healthcare records were exposed during 2018 than in the previous year. That’s over thirteen million healthcare records!

There has been a growing concern from consumers in the United States about the current standing of healthcare privacy and security. Last year, Aetna evaluated the responses of 1,000 consumers and 400 physicians to several questions regarding preferences toward healthcare. The company presented the data in its Inaugural Health Ambitions Study, which concluded that patient privacy and security were more concerning to consumers than the cost of healthcare.

Technology continues to embed itself further into our everyday lives. If anything the healthcare industry has been slower to adopt and fully integrate all the technology touchpoints we have in the rest of our lives. However, the healthcare industry continues to invest in technology to place orders, document encounters, write prescriptions, submit claims, and communicate among care team.

Healthcare Privacy Guidelines

The United States federal government publishes guidelines about safeguarding health information. The HIPPA Privacy and Security Rules outline the rules (and importantly penalties) for how healthcare providers and insurance professionals collect, store and share our healthcare information, with the goal of keeping it safe and secure and preventing its unauthorized release. However, it’s vital that consumers also play a part in their own healthcare privacy protection.

Consumers should:

• Never post any personal health information online that they don’t want to be made public
• Password-protect all health information
• Verify sources before sharing any medical information
• Shred any insurance forms, prescriptions, or physician statements
• Read privacy policies and terms of service when storing health information online

Just as important as understanding how to protect healthcare data to prevent fraud, is reporting fraud when it does occur. There are several avenues consumers can take if they believe their healthcare information was used or shared in a manner that contradicts HIPPA rules.

Consumers may file a complaint with one or more of the following:

• The healthcare provider or insurer
• The U.S. Department of Health and Human Services (HHA) Office of Civil Rights
• The State’s Attorney General’s Office
• The Federal Trade Commission

The laws surrounding healthcare privacy and protection cover information about the implications of federal and state regulations regarding HIPPA, minors, interstate and intrastate patient requirements, disclosures, and consent options. The Health Insurance Portability and Accountability Act of 1996 (HIPPA) Privacy, Security, and Breach Notification Rules limits how health information is shared and regulates healthcare record privacy. This act has paved the way for other legislation to follow at the state level. It is important to note that when state laws are at least as protective as HIPPA, HIPPA does not override State law provisions.

Responding to Security Concerns

Large corporations, beyond healthcare providers and insurers, are responding to an increasing need to develop technology that safeguards Protected Health Information (PHI) as required by these laws. Rita Bowen, VP, Privacy, Compliance and HIM policy for MRO indicates that this is due to a transformation of focus from where patients receive care, to where patients search for and choose to receive care. As consumers seek care and share information beyond the four walls of their provider or insurer, companies like Amazon and Google are having to address similar healthcare privacy and security concerns as urgent care centers, hospitals, virtual care centers, and retail centers. 

For best protection, processes and documentation around health information management must continue to be strengthened in 2019. All stakeholders who request, store, or share personal health information can benefit from staying up to date on these efforts.

About the Author

Carevoyance contributor Sarah Pike, M.B.A., is a freelance marketing copywriter based in San Diego. She enjoys writing about business, fashion, food, healthcare, leadership, motivation and technology.